
<?
	if (!defined('i-Teck_ADMIN')) die("Hacking attempt");

	switch($mod){
		case "add":?>
     
<form id="form1" name="form1" method="post" action="">
  <article class="module width_full">
			<header><h3>Thêm Tin Tức Phải</h3></header>
				<div class="module_content">
					<fieldset>
							<label>Link</label>
					</fieldset>
					<fieldset>
							<input name="url" type="text" id="url" size="50" />
					</fieldset>
					<fieldset>
							<label>Nội Dung</label>
					</fieldset>
					<fieldset>
							<center><textarea name="noidung" cols="50" rows="10" id="noidung"></textarea>
							<script language="javascript1.2">generate_wysiwyg('noidung');</script></center>
					</fieldset>
					<fieldset>
							<label>Ảnh (278 x 200 px)</label>
					</fieldset>
					<fieldset>
							<input name="img" type="text" id="img" size="50" />
      <input type="button" value="Upload" onClick="window.open('?act=rightnews&mod=upload','test1','width=350,height=280');">
					</fieldset>
					<fieldset>
							<label>Hiển thị</label>
					</fieldset>
					<fieldset>
							<center><input type="radio" name="hienthi" value="0"  checked="checked"/>Không      
							<input type="radio" name="hienthi" value="1"/>Có</center>
					</fieldset>
						
					<input type="submit" name="cmd" id="cmd" value="Thêm" class="alt_btn">
				</div>
		</article><!-- end of styles article -->
</form>
<?
	if(isset($_POST["cmd"])=="Thêm"){
		mysql_query("INSERT INTO shop_rightnews (img,url,noidung,hienthi) values
					('".addslashes($_POST["img"])."',
					'".addslashes($_POST["url"])."',
					'".addslashes($_POST["noidung"])."',
					'".intval($_POST["hienthi"])."')");
	
		echo"<meta http-equiv='refresh' content='0; url=?act=rightnews&mod=view'>";
		}


	break; 
	case "view":?>
<?
	$result=mysql_query("SELECT * FROM shop_rightnews");
	if(mysql_num_rows($result)<=0){echo"<center><h4 class='alert_info'>Chưa có dữ liệu.</h4></center>";}
?>
<form id="form2" name="form2" method="post" action="">
  <article class="module width_full">
			<header><h3>Quản lý</h3></header>
	
		<div class="tab_container">
			<div id="tab1" class="tab_content">
			<table class="tablesorter" cellspacing="0"> 
			<thead> 
				<tr> 
    				<th>ID</th> 
    				<th>Link</th> 
    				<th>Nội dung</th> 
    				<th>Logo</th>
    				<th>Sửa</th> 
    				<th>Xóa</th>
				</tr> 
			</thead> 
			<tbody> 
	<? while($r=mysql_fetch_array($result)){?>
    <tr>
      <td><?=$r["id"];?></td>
      <td><a target="_blank" href="<?=$r["url"];?>"><?=$r["url"];?></a></td>
      <td><?=$r["noidung"];?></a></td>
      <td><img src=<?
		echo m_get_config('web_url').'/img'.$r["img"];?> width="150" height="80" />      
      </td>
      <td><a href=?act=rightnews&mod=edit&id=<? echo $r['id'];?>>Sửa</a></td>
    <td><a onClick="return  confirm('Bạn có muốn xóa sản phẩm này ko');"href=?act=rightnews&mod=delete&id=<? echo $r['id'];?>>Xóa</a></td>
    </tr>
    <? }?>
			</tbody> 
			</table></div></div>
		</article><!-- end of styles article -->
</form>
<? 

break;
case "edit":
$id=intval($_GET["id"]);
$re=mysql_query("SELECT * FROM shop_rightnews where id=$id");
while($r=mysql_fetch_array($re)){
?>

<form id="form1" name="form1" method="post" action="">
   <article class="module width_full">
			<header><h3>Sửa Tin Tức Phải</h3></header>
				<div class="module_content">
					<fieldset>
							<label>Link</label>
					</fieldset>
					<fieldset>
							<input name="url" type="text" id="url" size="50" value="<?=$r['url']?>" />
					</fieldset>
					<fieldset>
							<label>Nội Dung</label>
					</fieldset>
					<fieldset>
							<center><textarea name="noidung" cols="50" rows="10" id="noidung"><?=stripslashes($r['noidung']);?></textarea>
							<script language="javascript1.2">generate_wysiwyg('noidung');</script></center>
					</fieldset>
					<fieldset>
							<label>Ảnh (278 x 200 px)</label>
					</fieldset>
					<fieldset>
							<input name="img" type="text" id="img" size="50"  value="<?=$r['img']?>"/>
      <input type="button" value="Upload" onClick="window.open('?act=rightnews&mod=upload','test1','width=350,height=280');">
					</fieldset>
					<fieldset>
							<label>Hiển thị</label>
					</fieldset>
					<fieldset>
							<center><input type="radio" name="hienthi" value="0" <? if($r['hienthi']=="0"){echo'checked="checked"';}?>/>
          Không
         <input type="radio" name="hienthi" value="1"<? if($r['hienthi']=="1"){echo'checked="checked"';}?>/>
             Có</center>
					</fieldset>
						
					<input type="submit" name="cmd" id="cmd" value="Thêm" class="alt_btn">
				</div>
		</article><!-- end of styles article -->
</form>
<?
}
	if(isset($_POST["cmd"])=="Sửa"){
			mysql_query("UPDATE shop_rightnews SET img='".addslashes($_POST["img"])."',
											 url='".addslashes($_POST["url"])."',
											 noidung='".addslashes($_POST["noidung"])."',
											 hienthi='".intval($_POST["hienthi"])."' WHERE id=$id");
			mysql_close();
			echo"<meta http-equiv='refresh' content='0; url=?act=rightnews&mod=view'>";
		}

break;
case "delete":
		$id=intval($_GET["id"]);
		$re=mysql_query("SELECT * FROM shop_rightnews where id=$id");
		while($r=mysql_fetch_array($re))
		{
			unlink('../img'.$r["img"]);
		}
		mysql_query("delete from shop_rightnews where id=$id");
		mysql_close();
		echo "<meta http-equiv='refresh' content='0; url=?act=rightnews&mod=view'>";
break;

case "upload":
	
?>





<form enctype="multipart/form-data" method="post">
  <div align="center">
    <h1>Upload file 
    </h1>
  </div>
  
  
  <table width="400" border="0" align="center" cellpadding="3" cellspacing="3">
    <tr>
      <td>Chọn file: </td>
      <td><input name="f1" type="file" id="f1"></td>
    </tr>
    
    
    <tr>
      <td>&nbsp;</td>
      <td><input name="cmd" type="submit" id="cmd" value="Upload">
        <input type="reset" name="Reset" value="Reset"></td>
    </tr>
  </table>
</form>
<?

	if ($_REQUEST["cmd"] =="Upload"){
		$a = $_FILES["f1"]["tmp_name"];
		$b = $_FILES["f1"]["name"];
		$c = $_FILES["f1"]["size"];
		$d = $_FILES["f1"]["type"];
		$e = $_FILES["f1"]["error"];
		
		
		echo strstr("image",$d); 
		if (!getimagesize($_FILES['f1']['tmp_name']))
			{ echo "<font color=red><center>Invalid Image File...</center></font>";
			exit();
			}
			
			if (substr($d,0,5)=="image"){
				
		move_uploaded_file($a,"../img/rightnews/".$b);
		echo "Đã upload thành công file <b>{$b}</b>!<br>Click vào ảnh để chọn file này.<br>";
		
		echo "<a title='Chọn file này' href=# onclick=\"window.opener.document.form1.img.value='$web_urlimg/rightnews/$b';window.close();\"><img border=0 width=80 src=../img/rightnews/".$b." height=60></a>";
		

		
		
		} else {
		echo "Upload không thành công!";
		}
	}
			break;



	} 
?>
  
  
  
  
  
  
